Trusteer reports arrival of Shylock financial malware in the wild

According to the in-browser web security software vendor, the malware has been observed abusing a large installed base of infected machines to attack global financial institutions.

Trusteer adds that it is still investigating the new financial malware, which it has temporarily named Shylock. Unlike the non-financial malware Ramnit - which the firm reported late last month had turned into a fraud platform - Shylock does not incorporate tactics from the infamous Zeus Trojan. It appears, says the firm, that criminals have developed custom financial fraud capabilities for the Shylock malware.

According to Trusteer, these customised capabilities include an improved methodology for injecting code into additional browser processes to take control of the victim's computer, and an improved evasion technique to prevent malware scanners from detecting its presence.

One nasty feature of the malware, says the firm, is a sophisticated watchdog service that allows it to resist removal attempts and restore operations.

“The ability of cyber criminals to develop, distribute, and operate new tools under the radar of the industry is troubling. Enterprises and individuals continue to rely on security architectures that were designed 20 years ago and have limited value in protecting their critical assets against cybercrime attacks”, he added.